VPN Connection

Hi,
I guess this is a very weird question, but here it is:
I am trying to set up a VPN server. I do not want the clients to connect to the internal network (because I do not have one). I just want them to be able to browse the Internet through a VPN connection that they make to my server. I have set up a computer with Windows 2003 Server on it. I did set the server up once, but the clients could only connect to me and would not be able to browse the net. Please tell me step-by-step how to set up my server so it can accept clients and let them browse the Internet through my Internet connection.

Yes, I do have Routing and Remote Access installed. The clients can make a connection to me, and I can see them when they are connected, but they cannot browse the Internet. When I look at their status, I can see that they are sending me packets, but they are not receiving any packets back from me.


Just out of curiosity, why are you having computers connect to your server through VPN just to browse the Internet? If they are VPNing into your server, don't they already have to have some kind of Internet access?

Surely you want the clients to use their own Internet connection for general browsing? Unless you are trying to set up some kind of anonymous proxy for them.

If you would like them to use their own connection, they need to untick the box "use default gateway on remote network" which is located under:
vpn connection --> properties --> networking
tcp/ip --> properties --> advanced

Yes, I am doing this so the clients (mostly my friends) can browse the net anonymously, and it would also help them get past a few web site blocks.

ccceqo2,
I have done what you have suggested, but still for some reason they cannot browse the Internet. As I said before, they can connect to me, and I can see them connected to me, but they cannot send or receive packets. Maybe I have not set the server up right, or I have not done the IP addressing in the right way. If someone could tell me step-by-step how to set up Routing and Remote Access in Windows 2003 Server, that would help a lot. Also, how would you know if your ISP allows VPN connections?

In my own experiments I can connect using RAS and browse the Internet through the VPN tunnel, but as soon as I use the same PC to connect by VPN through the Internet, browsing the Internet stops working. I tried many fixes and did loads of packet monitoring trying to find the problem. In the end I found the requests seemed to be being routed correctly; both the VPN server and the router showed that a connection had been made to the relevant site, but data never got back to the client. In the end I set up a web proxy server and have never looked back since (it also speeds up browsing for clients using RAS).

Analogx is very quick and easy to set up. I will make some notes on how to do it, give me a few minutes.

"Also, how would you know if your ISP allows VPN connections?"
Well, you could actually try the connection. That's about all that is guaranteed to work. Since VPN is pretty important for business, I doubt any but the most regimented governments block access from an ISP level. If your friends are in a corporation trying to browse while working, it'll be hit and miss, since Admins generally don't want employees fcking with the security integrity of their networks.

I'm basing my assumptions on Win2k since that's what I use, but the theory if nothing else should carry over. I'm sure little has changed between releases.

I assume you have one LAN entry, and potentially several VPN connections.

I recommend setting up a DNS & DHCP server on your PC to facilitate their VPN. Otherwise, they can forward data to your PC, but they won't know a DNS server to use. If not otherwise specified, they'll continue to search for their old DNS server, which is located wherever they came from. If you don't have physical access to their old DNS servers, then they go nowhere through the LAN interface. If you don't have NAT set up on the Windows machine (the horrible built-in 'Internet Connection Sharing' system), that'll need to get done. Since their IP addresses won't be valid from your ISP, you'll need to make sure they are Source-NAT'ed from your machine at home. This can be tested with a packet sniffer like Ethereal for Windows.

Install Analogx proxy, then in configuration the IP to enter in the "proxy binding" is the LAN IP address of the PC running Analogx.

On the client PCs open Internet Explorer, Tools, Internet Options. Go to the Connections tab. In the "Dial-up and VPN settings" list you should see the VPN connection you set up on the PC; highlight it and click Settings.

Ensure only "use a proxy server for this connection" is ticked, then enter the IP address used in Analogx and enter the port as 6588.

OK your way out and that is it. When the client uses VPN, the Internet connection will automatically go through your server; if they aren't connected to VPN, then the Internet will work normally.

Everything can run on the one PC if required. I assign a fixed IP to my VPN server's LAN card and also assign a fixed IP range in the VPN server for assigning to clients (e.g. I don't use the DHCP server for the VPN clients).

I can't help much with specifics of Windows 2003 server as I don't use it.

I see no advantage to running an additional proxy server when the correct configuration of RRAS will do the job. It's more of a work-around with another piece of software to be worrying about than a fix!

sschange - under the Routing & Remote Access management console, right-click your server on the tree and select Properties. On the General tab you'll have a couple of tick boxes labelled 'Router' and 'Remote access server'. Are both of these boxes ticked (they need to be)?

I am also assuming that you have either a DHCP service running, or a static pool of addresses that are offering appropriate IP information to your clients when they connect.

Regarding ccceqo2's comment on unticking the 'use default gateway on remote network' - this option MUST be selected otherwise the client computer will only route traffic destined for your network.
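Added example, not part of the original thread: a simplified Python model of the client's routing decision with 'use default gateway on remote network' unticked versus ticked. All addresses, interface names and metrics are constructed assumptions, and the model only covers longest-prefix and metric selection, not the full Windows route table.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread):
VPN_SERVER_PUBLIC = "203.0.113.10"   # public address of the VPN server
VPN_POOL_NET = "192.168.1.0/24"      # network handed out to VPN clients
CLIENT_LAN_NET = "10.0.0.0/24"       # the client's own local network


def client_routes(use_remote_default_gateway):
    """Simplified client routing table as (network, interface, metric)."""
    net = ipaddress.ip_network
    routes = [
        (net("0.0.0.0/0"), "local-isp", 20),
        (net(CLIENT_LAN_NET), "local-lan", 10),
        # Host route that keeps the tunnel's own packets on the real uplink.
        (net(VPN_SERVER_PUBLIC + "/32"), "local-isp", 1),
        (net(VPN_POOL_NET), "vpn", 1),
    ]
    if use_remote_default_gateway:
        # Box ticked: a lower-metric default route via the tunnel wins.
        routes.append((net("0.0.0.0/0"), "vpn", 1))
    return routes


def egress_interface(routes, destination):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(destination)
    matching = [r for r in routes if addr in r[0]]
    best = max(matching, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def compare(destinations):
    """Map each destination to (interface if unticked, interface if ticked)."""
    split, full = client_routes(False), client_routes(True)
    return {d: (egress_interface(split, d), egress_interface(full, d))
            for d in destinations}


if __name__ == "__main__":
    sample = ["198.51.100.7", "192.168.1.1", "10.0.0.5", VPN_SERVER_PUBLIC]
    for dest, (unticked, ticked) in compare(sample).items():
        print(f"{dest:15} unticked={unticked:10} ticked={ticked}")
```

Only in the ticked case does Internet-bound traffic enter the tunnel, and it then arrives at the server with a pool source address, which is where the NAT and DNS points raised earlier in the thread come in.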

What exactly do you mean by offering appropriate IP? Like I said, I am new in the networking area. What would be a good range of IP addresses? Right now I have the static IP pool set to 192.168.1.100 - 192.168.1.200. Also, I do have the 'Router' and 'Remote access server' boxes checked. The 'use default gateway on remote network' was also cleared. Still, they can only connect and are not able to browse the Internet.

Do you have DHCP running on your server? If so, you will not need the static IP pool. If you are not using DHCP, then please advise what local (LAN) IP your server has so we can advise on your static pool.

Also - when the client is connected to the VPN can they ping hosts on your network? I.e. your own personal machine, the server etc.
